Come on, we’ve all done it. Closed the front door then suddenly realised you’ve left the keys on the kitchen table. The reality is that unless you’ve left a key with your neighbour, you’re going to have to force your way in by either breaking in, call a locksmith who’ll constantly remind you how stupid you’ve been or posting yourself through the letterbox.

The same scenario can be applied to your windows PC. There are occasions when you simply forgot your password or someone changed it before going on holiday. All is not lost though. I’m going to show you some age old hacking tricks to get in to windows without posting yourself through the letterbox.Of course you won’t need reminding that accessing or attempting to access a PC, system and/or its data without sufficient access rights (or hacking) is illegal. Doing so can result in prosecution to the fullest extent of the law. Therefore, this guide is for your own personal property which you have legal ownership to. If you are doing this for someone else, make sure they are the legal owners.

Ok, that’s that bit done let’s guide you through.

Picking the lockFor Windows 8, Windows 7 and Windows XP

We are going to use the windows recovery console from the Windows installation disk to simply replace the sticky keys command with the command prompt. When you hit a sticky key on the login screen, we trick the system in running the command prompt program instead of the sticky keys program. Once you’re in the commend window, you’ve bypassed admin rights and you can change the user passwords.

You will need your Windows Install disk. If you don't have one, borrowing one is fine.

Note for Windows 8 Users : the following does not work for Windows 8 connected live accounts. A connected account is linked directly with Microsoft's cloud for service such as Outlook.com, Live, Mail, SkyDrive etc. It feeds and synchronises information from the cloud and your PC so you only need to login once, and these services are there for you. It will work where login credentials are stored locally. If you attempt the hack on a connected account, you will get an error. If you forget you connected account password, you'll have to reset your password online using their password reset feature. This normally involves passing a CAPTCHA anti-spam screen first. The password reset is sent to an alternative email account if you specified one. Otherwise, you'll have to give Microsoft a call.

1. Ok first thing, you’ll need to access Windows recovery to get to a command line. Read my “how to get a command prompt” guide.

2. Once you are at a command line, type in the following command to display which partition windows is installed on. Type in the following and press enter:Bcdedit : find “osdevice”For this guide we’ll use “D: as that’s the default for Windows 8 and 7. If yours is different, change all instances of D:\ to the drive letter that was just reported. Saves guessing.

3. Backup the sticky keys command as we’ll be restoring this when done. Type the following and press enter.copy c:\windows\system32\sethc.exe c:\

4. Now we are going to replace the sticky keys command with the command prompt. Type the following and press enter:copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

5. Remove the install disk and reboot.

6. This is the good bit.. When the login screen appears, hit SHIFT key five times until the command prompt appears.

7. Let’s find out the user names on the system: Type in the following and press enter:net user

8. This shows a list of users on the system, Make a note of the user name you wish to change the password for then type in the following press enter afterwards:

net user <name> <new password>So for examplenet user Huddy MyPassword

9. Copy back the sticky keys command by typing the following then pressing enter:c:\sethc.exe file back to c:\windows\system32\sethc.exe.Confirm the copy and overwrite.

10. Restart the system making sure you can boot. You should be able to access login using the credentials you just changed.Job Done

Breaking the Window

A little more drastic is to use a bootable Linux live disk with password recovery and rescue tools. The two are I use is Orphcrack and Trinity Rescue Kit.

Trinity Rescue kit (TRK)

TRK is a live Linux environment that comes with various tools but specific for our needs is a utility called Winpass. Winpass erases and resets passwords for Administrator and user accounts.

You’ll need to burn the TRK ISO to a blank CD. For Windows 7 and 8 users, you can do this by right clicking on the downloaded image then select “Burn Disk Image”. For Windows XP, you’ll have to use a third party image burning utility, like ImageBurn. All of which creates a bootable TRK disk.

You’ll need to boot straight from your CD. To do this, you need may need to change your boot device so that the system knows to boot from the CD. You can do this be changing the Boot Priority in your BIOS our hit F8 just as the PC boots. Simply select from the list of devices. In this case, your CD/DVD drives.Insert you the CD. You should get a message “Press any key to boot from CD or DVD”.

The TRK utility is launched.

TRK is free but if this has helped saved the day and expense of going to an engineer, I think they are worthy of a donation.

OrphCrack

Orpcrack scan the passwords and uses complex algorithms to literally break the code. It can be a bit hit and miss depending on the strength of the password that’s been set.

As with TRK, OrphCrack is a live Linux CD . You can download the ISO here:

I’m not sure as of writing if Windows 8 is supported.

You’ll need to burn the Orphcrack ISO to a blank CD and boot from the CD. Simply follow the instruction above for TRK.OrphCrack will first try brute force methods, such as obvious and low strength passwords, moving on to more complex passwords. Be warned though, this can take hours to run and there’s no guarantee it will find them at all.

If you have any questions or wish to discuss then please join our forum - all are welcome

Yer that's handy to know. I also have a password recovery cd that you boot from and it wipes all passwords on all accounts including admin account on xp. I had to use it on my mates laptop as he had forgotten his password, it took about 1 minute, well handy and works on the entire crop of windows os's